I've been working on the file upload script. The following is the section I
added to 'ADD_DEPARTMENT' before the 'INSERT' into the department table.
Although this is rather lengthy, I believe I've covered all the bases as far
as error handling etc. Please let me know if anyone has suggestions to
improve it.
if ($continueInsertion && (!empty($inputGraphic_name)))
{
    // $inputGraphic, $inputGraphic_name, $inputGraphic_size and
    // $inputGraphic_type are the upload form variables (register_globals).
    if (!is_uploaded_file($inputGraphic))
    {
        $ActionResults[] = "Possible file upload attack: filename '$inputGraphic'.";
        $continueInsertion = FALSE;
    }
    // Next department number = highest existing ID + 1
    $CheckIDQuery = "SELECT ID FROM department ";
    $CheckIDQuery .= "ORDER BY ID DESC LIMIT 1 ";
    if (!($result = mysql_query($CheckIDQuery, $DatabaseLink)))
    {
        $ActionResults[] = mysql_errno() . ": " . mysql_error() . " Query was $CheckIDQuery";
        $continueInsertion = FALSE;
    }
    else
    {
        // Do not set $continueInsertion back to TRUE here: that would undo
        // the is_uploaded_file() failure recorded above.
        $row = mysql_fetch_row($result);
        $depart_no = ($row[0] + 1);
    }
    $size = getimagesize($inputGraphic);            // array(width, height, type, ...) or FALSE
    $file_ext = strrchr($inputGraphic_name, ".");   // extension as supplied by the client
    $inputGraphic_name = "deptGraphic$depart_no$file_ext";
    $dept_file_storage = "$DOCUMENT_ROOT/images/departments/$inputGraphic_name";
    if ($inputGraphic_size > $dept_max_file_size)
    {
        $ActionResults[] = "$inputGraphic_size bytes is too large. Your file size must not exceed $dept_max_file_size";
        $continueInsertion = FALSE;
    }
    if ($continueInsertion)
    {
        // $inputGraphic_type is the MIME type reported by the browser
        if (!in_array($inputGraphic_type, $allowed_file_types))
        {
            $ActionResults[] = "File type must be either \"jpg, gif, png\"";
            $continueInsertion = FALSE;
        }
    }
    if ($continueInsertion)
    {
        if ($size[0] > $dept_max_file_width || $size[1] > $dept_max_file_height)
        {
            $ActionResults[] = "File dimensions exceeded. Max. size: $dept_max_file_width px wide by $dept_max_file_height px high.";
            $continueInsertion = FALSE;
        }
    }
    if ($continueInsertion)
    {
        // copy() returns FALSE on failure; check it here rather than with an
        // unconditional file_exists() that would also fire after any earlier
        // validation failure.
        if (copy($inputGraphic, $dept_file_storage) && file_exists($dept_file_storage))
        {
            $ActionResults[] = "File uploaded";
        }
        else
        {
            $ActionResults[] = "File not copied to $dept_file_storage";
            $continueInsertion = FALSE;
        }
    }
}
The INSERT statement needs to be modified to append '_name' to the end of
the 'Graphic' field (which was missing).
I've also added these variables to global_settings and of course made the
appropriate changes to the input fields, and 'ENCTYPE="multipart/form-data"'
was specified in the form functions.
$dept_max_file_size = (10 * 1024);
$dept_max_file_width = 150;
$dept_max_file_height = 250;
$thumb_max_file_size = (10 * 1024);
$thumb_max_file_width = 125;
$thumb_max_file_height = 200;
$graphic_max_file_size = (25 * 1024);
$graphic_max_file_width = 215;
$graphic_max_file_height = 300;
$lg_graphic_max_file_size = (35 * 1024);
$lg_graphic_max_file_width = 400;
$lg_graphic_max_file_height = 600;
$allowed_file_types = array("image/gif", "image/pjpeg", "image/jpeg",
"image/x-png", "image/bmp");
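A hardened version of the same checks, added here as an example and not part of Ron's script: it takes the stored extension from the image type that getimagesize() actually decodes instead of from the browser-supplied filename or MIME type, reads the size from disk, and uses move_uploaded_file(). It assumes the form field is named inputGraphic (read via $_FILES), the $dept_* limits above, and the hypothetical helper names validate_department_graphic() and upload_error():

```php
<?php
// Added example, not from the original post. Assumes the form field is
// named "inputGraphic" and the $dept_* limits from global_settings.
// The stored extension comes from this table (keyed by the image type
// getimagesize() decodes), never from the client's filename or MIME type.
$safe_image_types = array(IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png');

function upload_error($msg) { return array('ok' => false, 'error' => $msg, 'ext' => null); }

// Returns array('ok' => bool, 'error' => string, 'ext' => string|null).
function validate_department_graphic($file, $max_size, $max_width, $max_height, $types)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return upload_error('Upload failed or no file sent.');
    }
    // Must be a file PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        return upload_error('Possible file upload attack.');
    }
    // Check the on-disk size rather than the browser-reported one.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size > $max_size) {
        return upload_error("File is too large. Your file size must not exceed $max_size bytes.");
    }
    // getimagesize() parses the image header; a non-image returns false.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($types[$info[2]])) {
        return upload_error('File type must be gif, jpg or png.');
    }
    if ($info[0] > $max_width || $info[1] > $max_height) {
        return upload_error("File dimensions exceeded. Max. size: $max_width px wide by $max_height px high.");
    }
    return array('ok' => true, 'error' => '', 'ext' => $types[$info[2]]);
}

$check = validate_department_graphic($_FILES['inputGraphic'], $dept_max_file_size,
    $dept_max_file_width, $dept_max_file_height, $safe_image_types);
if (!$check['ok']) {
    $ActionResults[] = $check['error'];
    $continueInsertion = FALSE;
} else {
    // Server-chosen name: fixed prefix, numeric id, whitelisted extension.
    $dest = "$DOCUMENT_ROOT/images/departments/deptGraphic" . (int)$depart_no . '.' . $check['ext'];
    // move_uploaded_file() refuses anything that was not an HTTP upload.
    if (!move_uploaded_file($_FILES['inputGraphic']['tmp_name'], $dest)) {
        $ActionResults[] = "File not copied to $dest";
        $continueInsertion = FALSE;
    }
}
```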
=======================
Ron Dyck
WebbTech
www.WebbTech.net
[EMAIL PROTECTED]
905 734-1164
------------------------------------------------------------
Site: http://www.working-dogs.com/freetrade/